GDPR


What is GDPR?

The General Data Protection Regulation (GDPR), Regulation (EU) 2016/679, is an EU regulation that protects the personal data of individuals in the European Union. Through the EEA Agreement it also applies in Iceland, Liechtenstein and Norway.

What types of data does GDPR protect?

GDPR applies to personal data, meaning any information relating to an identified or identifiable natural person (the "data subject"). This covers obvious identifiers such as names and postal addresses, but also online identifiers (IP addresses, cookie IDs, device IDs), location data and any combination of attributes from which a person can be singled out; financial details are personal data too. A subset known as "special categories of personal data" (health data, genetic and biometric data, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, and data concerning sex life or sexual orientation) is subject to stricter rules: processing it is prohibited unless one of the specific exceptions in Article 9 applies.

Who does GDPR apply to?

GDPR applies to any organisation established in the EU that processes personal data, wherever the processing actually takes place. It also applies to organisations outside the EU that offer goods or services to individuals in the EU (whether or not payment is required) or monitor their behaviour there, for example through website tracking. Territorial scope is defined in Article 3 and is not tied to the nationality of the people whose data is processed.

What are the consequences for non-compliance with GDPR?

The maximum administrative fine is €20 million or 4% of the organisation's total worldwide annual turnover for the preceding financial year, whichever is higher. A lower tier (€10 million or 2%) applies to breaches of obligations such as record-keeping, security and breach notification. Supervisory authorities can also issue warnings and reprimands, order processing to be brought into compliance or to stop, and impose temporary or permanent bans on processing, and individuals can claim compensation for damage they have suffered.

What are the rights of individuals under GDPR?

Individuals (data subjects) have the right to be informed about how their data is used, to access it, to have inaccurate data rectified, to have data erased (the "right to be forgotten"), to restrict processing, to receive their data in a portable, machine-readable format, to object to processing (including an absolute right to object to direct marketing), and not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. Requests must normally be answered within one month.

How can organisations comply with GDPR?

Organisations must process personal data lawfully, fairly and transparently, for specified purposes, collecting no more data than is needed and keeping it no longer than necessary, and must implement appropriate technical and organisational measures (such as pseudonymisation, encryption, access control and the ability to restore availability after an incident) to protect it. They must keep records of their processing activities, notify the supervisory authority of a personal data breach within 72 hours of becoming aware of it where the breach is likely to pose a risk to individuals, and carry out a data protection impact assessment (DPIA) before starting any processing that is likely to result in a high risk. Appointing a Data Protection Officer is mandatory only for public authorities and for organisations whose core activities involve large-scale regular and systematic monitoring of individuals or large-scale processing of special category or criminal conviction data; other organisations may appoint one voluntarily.

How long do organisations have to comply with GDPR?

GDPR was adopted in April 2016 and became applicable on 25 May 2018 after a two-year transition period. There is no further grace period: any organisation within its scope is expected to be compliant now.

How does GDPR relate to other data protection laws?

GDPR replaced the 1995 Data Protection Directive (Directive 95/46/EC). Because it is a regulation rather than a directive, it applies directly in every member state without having to be transposed into national law, although member states may supplement it where it allows (for example, the age at which a child can consent to online services can be set anywhere between 13 and 16). Processing by police and criminal justice authorities for law enforcement purposes is governed by a separate instrument, the Law Enforcement Directive (Directive (EU) 2016/680).

What is the role of a Data Protection Officer (DPO)?

A DPO monitors the organisation's compliance with GDPR and with its own data protection policies, informs and advises the organisation and its staff of their obligations, advises on and monitors data protection impact assessments, cooperates with the supervisory authority and acts as its contact point, and is the point of contact for data subjects. The DPO must be able to act independently, must report to the highest level of management and must not be penalised for performing the role.

Is GDPR only for EU citizen data?

No. GDPR is not tied to citizenship. It protects anyone whose personal data is processed by an organisation established in the EU, wherever that person lives, and anyone who is in the EU when a non-EU organisation offers them goods or services or monitors their behaviour. A non-EU national living in the EU is therefore covered, while an EU citizen living outside the EU who deals with a non-EU company generally is not.

What are data controllers and data processors?

Under GDPR, the data controller is the organisation (or person) that determines the purposes and means of processing: why personal data is processed and how.

So, if your company or organisation decides the "why" and "how" of processing, it is the data controller. Employees who handle personal data within your organisation do so on your behalf as controller; they are not processors in their own right.

If your organisation processes personal data only on another organisation's instructions and does not decide the "why" or the essential elements of the "how", it is not a data controller but a data processor. Two or more organisations that jointly decide the purposes and means are joint controllers and must agree their respective responsibilities.

GDPR defines a data processor as a natural or legal person that processes personal data on behalf of a controller. Typical processors are IT service providers, including cloud storage and hosting providers, payroll bureaus and email marketing platforms.

A processor may act only on the controller's documented instructions and may engage a further processor (a sub-processor) only with the controller's prior written authorisation; the controller must be told of any intended change so that it can object. The relationship must be governed by a written contract (Article 28) covering, among other things, confidentiality, security measures, assistance with data subject requests and breach notification, and deletion or return of the data at the end of the service. The controller remains the organisation that decides the use, access, retention and processing of the data.

An organisation can be a data processor, a data controller or both, depending on the activity: a cloud provider is a processor for its customers' data but a controller for its own employee and billing records.

Are public agencies covered under the GDPR?

Yes. GDPR applies directly in every EU and EEA member state, and public authorities and bodies are covered in the same way as private organisations; they must always appoint a DPO and cannot rely on "legitimate interests" as a legal basis for processing carried out in the performance of their official tasks. Some activities fall outside GDPR or are handled by other rules: processing by police and criminal justice authorities for the prevention, investigation, detection or prosecution of criminal offences is governed by the Law Enforcement Directive (Directive (EU) 2016/680); activities concerning national security are outside the scope of EU law altogether; and member states may restrict certain obligations and rights by national law where necessary for purposes such as public security or the administration of justice (Article 23).
